6_offer_5.exe

The application 6_offer_5.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘IEMonitor’. This file is typically installed with the program SelectionLinks by Objectify Media, which is a potentially unwanted software program. The file has been seen being downloaded from cedexis.operacdn.com and multiple other hosts.
MD5:
4e83bd6fc6eb635fd4e6955ee1d1fda2

SHA-1:
5f33964dc7f0fa27e0d165232b0ea25febd8507d

SHA-256:
ecb9bedd76ba85d85027df12881c699f9f46fb526d76305cdd615d2493a3256a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:24:43 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Extension.ChromePlugin

Engine version:
15.4.20.13

File size:
1 KB (1,029 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\6_offer_5.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24:rxFNFja12gUGms7IF76xjTUEIxUTVTjTZy:rxFNha1lUDs7UWxjo7xU5nw

Entropy:
5.4412

Google Chrome Extension
ID:
jbpkiefagocgkmemidfngdkamloieekf

Version:
1.1


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IEMonitor

Command:
C:\windows\conhost.exe


The file 6_offer_5.exe has been discovered within the following program.

SelectionLinks  by Objectify Media
SelectionLinks by Objectify Media is a web browser extension for Internet Explorer and Firefox.
www.selectionlinks.com

The file 6_offer_5.exe has been seen being distributed by the following 50 URLs.
